Good point indeed, I forgot that I do enable the fake seal bit patch. Other than that I never found any reason for the other changes -- dbus-server (imho one of the most annoying) stops doing credential checks just because of the openmode flag, and for the other few processes there's FIXED_ORIGIN. Just installing anything is usually enough for develsh to "Recover" the * token set.

One question: why do you mention CAL here? Is the libcal stuff stored in whatever BB5 uses as storage now? All of the kernel-addressable NAND is certainly fully writable in any mode (but in closed mode you need at least one of sys_module or a GRP I forgot about) and in fact one of the glaring points where a N9/50 can be relatively easily bricked.

I think that those apps just refuse to run when openmode is detected. For the simple checks, a simple workaround can be used; if they really use BB5 features it might actually be impossible, but the fact that it is impossible is exactly the reason why open mode will be allowed for the foreseeable future.

Fortunately, it seems that the number is much lower than I expected.

Any of those solutions implies keeping the device in "closed mode", so it would defeat the DRM parts of Aegis, and I've already deduced that is not going to happen.
Yes, every Nokian has been very quick to say that Aegis is not for DRM, but I've seen plenty of indications that at least some people in there still think that is the case (e.g. drive, odnp stuff) because they are going way more than necessary for just say protecting your past gps fixes from prying eyes, and because of the reluctance of the remaining developers to share information.

I do have a few proposals too:
- Make dbus-server not automatically ignore credentials on unclean boots, but rather make it listen to a env var like the dpkg script does. Same for other apps. This way you can enable credential enforcing even in unclean boots if you wish.
- The other extreme: fix all the apps that are expecting armed aegis protected storage, so that they also work even if it is missing (even if it means storing data in $HOME).

The first might probably happen, the second will certainly not.

Hi guys, this Aegis talk is fascinating stuff, but I think it is best posted in the Nokia & Aegis thread or even the Inception thread.

Back to the chroot-related issue - did you try the capability dropping arrangement I mentioned earlier? That should get things operating in the normal (non-root) case.

http://www.amazon.com/gp/product/B00...00_i00_details

That's the one right there.

I believe there is a thread floating around here somewhere dealing with bluetooth keyboards that I posted that on.

slaapliedje

hi guy, manage to chroot now.

1. using inception opensh to mount
2. exit to close mode
2. use javispedro's modhash.py to hash the image /bin/sh
3. chroot /img /bin/sh
4. done.

Thanks guy.!!

Seems like a basic 4step process, but you lost me...how did you do it again?

its more fun to see how it will be work rather than some gays that wants whatsapp thing, go go go, nice work here, and surprisingly this thread get less attention than the 'wazzap', sigh

.....so only gays want WhatsApp?

I just want a semi-noob step-by-step on how to get OpenOffice to work..

basically you need to have linux.img (it can be debian, ubuntu,bt5 & etc) google it.

copy the img to your home folder (/home/user/MyDocs/)
then download HarmChom.tgz from 1st page - Thanks to qole
extract it to your home folder, then you shoud see HarmChom folder.
Copy src/bin/* to /bin/, chmod +x after copied to /bin.
You might want to edit .chroot file as well (refer to page 1).

For close kernel need to edit below line.
Edit the /bin/debian, goto line 72 change it to "sh /bin/qchroot"
edit /bin/qchroot, goto line 37 add "sh" as well.

once done above follow the simple 4 steps previously.

You should able to mount linux.img

You will still not be able to run anything other than sh (also, it's binhash the one you want to use, modhash is for kernel modules ).

For chroot you either need unseal.ko or a fully aegis-neutering openmode kernel.